--On Saturday, October 27, 2007 3:00 AM +0000 quanah@zimbra.com wrote:
access to userPassword
    by users read sasl_ssf=128 break
    by users read tls=128
Replace users by self, sorry. Obviously you don't want any user to read it. ;) Although hm, anonymous needs access at least for auth, so:
access to userPassword
    by anonymous auth
    by self read sasl_ssf=128 break
    by self read tls=128
Note that in the anonymous access case, the user password is never transmitted from the server end, in any case.
You could do a similar requirement as above, something like:
access to userPassword
    by anonymous auth sasl_ssf=128 break
    by anonymous auth tls=128
    by self read
(At this point, you've forced any user to be encrypted, so no need to duplicate the requirements on the read access).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
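The following is an added example, not part of the original message: a simplified Python model of how slapd picks a `by` clause, applied to a constructed rendering of the second rule above written in slapd.access(5) form (`attrs=`, `tls_ssf=`, SSF conditions inside the who field). The identity labels `anonymous`, `self` and `other` and all function names are assumptions of the model.

```python
import re

# Constructed rendering of the post's second rule in slapd.access(5) form:
# SSF conditions are part of the <who> field and precede the access level.
ACL = """\
access to attrs=userPassword
    by anonymous auth
    by self sasl_ssf=128 read
    by self tls_ssf=128 read
"""

SSF_RE = re.compile(r"^(ssf|transport_ssf|tls_ssf|sasl_ssf)=(\d+)$")

def parse_by_clauses(acl):
    """Return [(who, {ssf_key: minimum}, access)] for each 'by' line."""
    clauses = []
    for line in acl.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "by":
            continue
        who, mins, access = tokens[1], {}, None
        for tok in tokens[2:]:
            m = SSF_RE.match(tok)
            if m:
                mins[m.group(1)] = int(m.group(2))
            else:
                access = tok
        clauses.append((who, mins, access))
    return clauses

def who_matches(who, identity):
    """identity is 'anonymous', 'self' (bound as the entry itself) or 'other'."""
    if who == "*":
        return True
    if who == "users":
        return identity != "anonymous"
    return who == identity

def effective_access(acl, identity, **conn_ssf):
    """The first clause whose identity and every SSF minimum match decides."""
    for who, mins, access in parse_by_clauses(acl):
        if who_matches(who, identity) and all(
                conn_ssf.get(k, 0) >= n for k, n in mins.items()):
            return access
    return "none"  # slapd ends every directive with an implicit "by * none"

if __name__ == "__main__":
    for ident, ssf in [("anonymous", {}), ("self", {}), ("self", {"tls_ssf": 256}),
                       ("self", {"sasl_ssf": 56}), ("other", {"tls_ssf": 256})]:
        print(ident, ssf, "->", effective_access(ACL, ident, **ssf))
```

An SSF value is a minimum, so a 256-bit TLS session satisfies `tls_ssf=128`, while a bound user on a plaintext or weakly protected connection falls through to the implicit `by * none`.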